Hello Folks, I am new to fleet and just configured...
# fleet
Hello Folks, I am new to fleet and just configured it on a public DNS. Added a Linux and windows host. Linux worked fine but got some issues for windows host. The first error is
detail_query_network_interface expected single result, got 0
and the second error is software data is not reflecting on the fleet software dashboard and displays the below error in the logs.
Copy code
{"component":"service","err":"detail_query_network_interface expected single result, got 0","method":"IngestFunc","ts":"2022-12-15T11:58:41.396213187Z"}
{"hostID":1,"level":"error","message":"distributed query is denylisted","query":"fleet_detail_query_software_windows","ts":"2022-12-15T11:58:41.396500965Z"}
{"level":"warn","op":"directIngestWindowsUpdateHistory","skipped":"KB id not found in HP Development Company, L.P. - SoftwareComponent -","ts":"2022-12-15T11:58:41.400430479Z"}
The last line of the above error
KB id not found
displays the same for all the available softwares on that machine. currently I use v4.23.0.
Hi @Swakhil! Couple of questions: 1. re `detail_query_network_interface`: Maybe you can run the following live query on the host to check why Fleet is getting 0 results:
Copy code
    interface_addresses ia
    join interface_details id on id.interface = ia.interface
    join routes r on r.interface = ia.address;
1. re
being denylisted: Do you happen to have Python packages installed on the Windows host? (If not, what kind of software does it have installed? how many users does the host have?) 2. re
: I'll open an issue for this. It seems the title of that particular Windows Update doesn't contain the KB number?...
Hi @Lucas Rodriguez, Tried running the query on the host, but nothing was returning. Finally, Installed latest version v4.24.1 which worked perfectly fine. The software data and network details are visible on the individual host page.
Any idea on updating websockets on nginx server for fleet to communicate?
Thank you @Swakhil, from below code snippet
Copy code
location / {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;

      proxy_pass <http://ws-backend>;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
For proxy_pass: should we add our fleet FQDN?
Copy code
example:    proxy_pass <http://FLEET_FQDN>;
It should be the upstream server that the request should be forwarded to. Not sure of how you have configured the fleet.
Osquery_host ------> nginx proxy (http ---> https) --------> fleet docker listening on 8080, 3 hosts
I have configured it through fleet binary, not sure of deploying through docker compose. I can see that you are trying to run fleet on 8080 but nginx is listening on port 443. You can try configuring it on 443 with key & cert path and proxy_pass with fleet fqdn.
Sure, yeah I will try it in sometime, should I try configuring 443 on fleet binary/docker itself?
It is upto you, if you want to run on https, I found binary would be simple. just directly passing the parameters to fleet binary like below
Copy code
./fleet serve \
  --mysql_address= \
  --mysql_database=fleet \
  --mysql_username=root \
  --mysql_password=test@001 \
  --redis_address= \
  --server_address= \
  --server_cert=/etc/ssl/cert-key/server.cert \
  --server_key=/etc/ssl/cert-key/server.key \
  --osquery_result_log_plugin=stdout \
  --osquery_status_log_plugin=stdout \
Okay, you have directly exposed it to run on 443, good. that should not overwrite or cause trouble removing default 8080 right?
Thank you, I will try it and update you on this in 2 hours
It is working, updated websocket details in nginx configuration
Tried running the query on the host, but nothing was returning. Finally, Installed latest version v4.24.1 which worked perfectly fine.
@Swakhil So the issue was resolved by updating?